Overview

URLhgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/index.html
IP 52.219.99.18 (United States)
ASN#16509 AMAZON-02
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-09 09:48:35 UTC
StatusLoading report..
IDS alerts0
Blocklist alert0
urlquery alerts
21
Scam - Fake AntiVirus
Tags None

Domain Summary (16)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
cdnjs.cloudflare.com (2) 235 2012-05-23 12:49:49 UTC 2022-12-08 17:12:31 UTC 104.17.24.14
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-12-08 17:15:52 UTC 93.184.220.29
cdn.jsdelivr.net (2) 439 2012-09-30 00:15:09 UTC 2022-12-08 17:12:17 UTC 104.16.88.20
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-08 17:20:00 UTC 52.42.74.230
maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-12-08 17:12:18 UTC 188.114.99.234
hgfftf2gfhrfd.s3.us-east-2.amazonaws.com (21) 0 No data No data 52.219.143.10 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-08 17:12:32 UTC 35.241.9.150
www.google-analytics.com (1) 40 2012-05-21 09:41:50 UTC 2022-12-08 17:20:06 UTC 142.250.74.14
r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-12-08 17:12:06 UTC 23.36.77.32
ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-12-08 17:12:01 UTC 216.58.211.3
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-08 17:21:04 UTC 34.160.144.191
www.googletagmanager.com (1) 75 2012-10-04 01:07:32 UTC 2022-12-08 17:14:43 UTC 142.250.74.168
stats.g.doubleclick.net (1) 96 2012-07-01 17:13:23 UTC 2022-12-08 17:14:59 UTC 108.177.14.157
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-12-08 15:50:00 UTC 34.120.237.76
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-08 17:14:01 UTC 34.117.237.239
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-12-08 17:12:10 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 52.219.99.18
Date UQ / IDS / BL URL IP
2022-12-09 09:48:35 +0000 21 - 0 - 0 hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por (...) 52.219.99.18
2022-11-29 19:19:53 +0000 20 - 0 - 0 jbckjdsjuusm.s3.us-east-2.amazonaws.com/8693- (...) 52.219.99.18


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-02-02 20:16:52 +0000 0 - 2 - 0 d3ry3spu9wn6vo.cloudfront.net/files/dz6uqht0u (...) 54.230.245.74
2023-02-02 20:16:16 +0000 0 - 0 - 1 normallink.com/a200ceef-1bbc-45fa-90c8-953812 (...) 18.193.235.10
2023-02-02 20:16:02 +0000 0 - 2 - 0 d23iz4esrwkib6.cloudfront.net/logitech/contro (...) 54.230.245.148
2023-02-02 20:15:50 +0000 0 - 2 - 0 d23iz4esrwkib6.cloudfront.net/logitech/contro (...) 54.230.245.138
2023-02-02 20:11:08 +0000 0 - 2 - 0 d23iz4esrwkib6.cloudfront.net/lu/depot/cdbu/s (...) 54.230.245.148


Last 1 reports on domain: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
Date UQ / IDS / BL URL IP
2022-12-09 09:48:35 +0000 21 - 0 - 0 hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por (...) 52.219.99.18


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-15 13:49:19 +0000 20 - 0 - 0 ghng66gngjm.s3.us-west-2.amazonaws.com/1esp37 (...) 3.5.83.207
2022-12-15 11:46:05 +0000 20 - 0 - 0 hmhggf53dvb.s3.eu-central-1.amazonaws.com/1es (...) 52.219.169.122
2022-12-15 09:47:00 +0000 21 - 0 - 0 jghkhyg49jbjbgbh.s3.ca-central-1.amazonaws.co (...) 16.12.5.2
2022-12-15 09:39:45 +0000 20 - 0 - 0 hfngfgf43hghjg.s3.ap-northeast-3.amazonaws.co (...) 52.95.182.34
2022-12-15 09:39:10 +0000 20 - 0 - 0 hfngfgf43hghjg.s3.ap-northeast-3.amazonaws.co (...) 52.95.182.46

JavaScript

Executed Scripts (23)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (57)


Request Response
                                        
                                            GET /1por2778/index.html HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: text/html
                                        
x-amz-id-2: Y9zxmv94h/vANMyi7mH0zH7JpGYqQRAcDjvvRMxSI9LEBWvaIH+JhYKlu6guNcZcnYcsz1dd+8Y=
x-amz-request-id: ADQ3C7XWEJEV56SE
Date: Fri, 09 Dec 2022 09:48:25 GMT
Last-Modified: Fri, 09 Dec 2022 09:38:26 GMT
ETag: "e32d357e49426ec042f2e60a94f97308"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1258


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   1258
Md5:    e32d357e49426ec042f2e60a94f97308
Sha1:   a6cde43b0f337829815871d1f9805ddbafed00d1
Sha256: 0ecfb55c78311412c8ad0390a7ff76ae05ffaa1dd6315433407232d8ea5691b5

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5803
Expires: Fri, 09 Dec 2022 11:25:07 GMT
Date: Fri, 09 Dec 2022 09:48:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3397
Expires: Fri, 09 Dec 2022 10:45:01 GMT
Date: Fri, 09 Dec 2022 09:48:24 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 09:08:18 GMT
age: 2406
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3080
Expires: Fri, 09 Dec 2022 10:39:44 GMT
Date: Fri, 09 Dec 2022 09:48:24 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: hoA0OrzFLn5Tjk7zkD+vG+ld581qgJQINWIY0VAGVRETAW4UWFeRzbjMBTZsHy8sKXG2K7xgcUw=
x-amz-request-id: M0469W8PCQW65BZV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 09:48:17 GMT
age: 7
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Dec 2022 09:48:24 GMT
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/index.html
Upgrade-Insecure-Requests: 1

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: text/html
                                        
x-amz-id-2: fGl6qCdtj+lAwMgOg6BMm9LfnQbpHaCQLNchPXAQb9JgX3CBiZo+dDuqzVYgDrEW00FLQ32e1to=
x-amz-request-id: ADQEH1YZMTFE9FJ7
Date: Fri, 09 Dec 2022 09:48:25 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:22 GMT
ETag: "b61fdbef1332b110e9d39247d8a55909"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 36666


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   36666
Md5:    b61fdbef1332b110e9d39247d8a55909
Sha1:   927c7c23907fc7eee4a5cce8b3871f40ab22294b
Sha256: b42f52844151d074b5e35eb8cb02dbea19d3671865d08b111bab926e25b2fec6
                                        
                                            GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Dec 2022 09:48:25 GMT
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 16026093
expires: Wed, 29 Nov 2023 09:48:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpDQxQTv547X36Xq948dJ3VictkwbPZvdLR%2BlSQvlkPsqIEHgnlRKdIMRijbcbKihN%2FOboGLYu%2Bio6vq4bNmLG%2BOsIu2bgKzRgwiqi2%2FY6Rcpe6ZGQMPiAm4oc%2FWJ%2BTm5c8aY0dN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 776cd330a917b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32180)
Size:   26660
Md5:    b1e4b2a99336201b37fb8cea5d57abb9
Sha1:   d57980f0d0eaaf57ec33ddc9ed027274cfa86027
Sha256: c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4691
Cache-Control: max-age=118828
Date: Fri, 09 Dec 2022 09:48:25 GMT
Etag: "63921f42-117"
Expires: Sat, 10 Dec 2022 18:48:53 GMT
Last-Modified: Thu, 08 Dec 2022 17:30:42 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4854
Cache-Control: max-age=167646
Date: Fri, 09 Dec 2022 09:48:25 GMT
Etag: "6392dd51-117"
Expires: Sun, 11 Dec 2022 08:22:31 GMT
Last-Modified: Fri, 09 Dec 2022 07:01:37 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Dec 2022 09:48:25 GMT
content-length: 3980
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f26-2b4c"
last-modified: Mon, 04 May 2020 16:13:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2040659
expires: Wed, 29 Nov 2023 09:48:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8BS03%2B%2FTJpB%2BH3rkx6T%2BG5a4WpYG%2BYLuLDFXarxlrn9cKSAGYuL%2FzJRs40R1WgWv85D5nIXfRdN3TsyBvBVLDphTeXhCBYgtv%2FQ5u%2B8dZvRlTR7Qx3aZgTgh114gI%2BQSLsUjGBGZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 776cd330d94cb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (11084), with no line terminators
Size:   3980
Md5:    a5775b673c18ffa903cd1a6129ce5f87
Sha1:   ee2569b285a7dbc4ccc95b01a16f06943fade768
Sha256: ab8ad2f07d5214be2ade4edcd295d5fb8f8aa60971b3ec1348063a8a19659fc9
                                        
                                            GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.16.88.20
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Fri, 09 Dec 2022 09:48:25 GMT
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
x-served-by: cache-fra19138-FRA, cache-cdg20754-CDG
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 7035869
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zADXcqMsICUJura5IScKFYdVpmVmaYcUaLn37Jni7wAVtnaUHj823rboVcJov8dGei786gF5CK5vROOm21%2BM0A4DS3d%2BXQcVDnUa1PUdceF6L617z0irZ8Y0AeTNTZYhrpE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776cd330fdb0b523-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65326)
Size:   25347
Md5:    6983ecc31c8e03b8733f3bc8b9ad5457
Sha1:   8ad07f4ea4d0a8088ebe2d0470c4190df51e2250
Sha256: 2ff365c3d434ede11bc7759e3515ac1239c6ee4b48d5bcf923e704a4aa9a5058
                                        
                                            GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.88.20
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Dec 2022 09:48:25 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
x-served-by: cache-fra19144-FRA, cache-iad-kiad7000155-IAD
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 16267902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6OJukicTSBA2Cco4fQU0n6N9YdEcdA2q39b2HsrkzugYC9qffKYKIZLfP0RqQW2rgB5SyOCF0oa3VZfUoq4UtqONHpGI%2F%2F14wypIi0Tx%2FkwfhaHI%2F3CCrfBoLJtInEFS4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776cd330fdb2b523-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65299)
Size:   22891
Md5:    67ecd28e05ba62e9397e66f271150b6c
Sha1:   11964c0977434724fea80d8f8bc1302197808a3c
Sha256: 571f5530205fd9b2979d956690ac3f8a56eb64f31759ace8c172794126129843
                                        
                                            GET /gtag/js?id=UA-93923346-3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 09:48:25 GMT
expires: Fri, 09 Dec 2022 09:48:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   44717
Md5:    f80c05d483ad80be099c85b9ef78cbf2
Sha1:   c8f0eedab858c92e811b93f1b6b61837d07a5a7f
Sha256: 19b328f30cb4e58807b6c75783cc54f1d4c187c4f1c6575ebebb1c6420f8653d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/main.css HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: 7HOh9s8FH6gsgrKEaR+9/LHEGkTi/dJMTzdID54/kVV9RA2SVED36jCSUw91rhn0ufw/pKaoVNQ=
x-amz-request-id: ACG9XPHCY52C5Z6Z
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:45 GMT
ETag: "59485662ad8c31d0ce044d507ae1f9e1"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 12081


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   12081
Md5:    59485662ad8c31d0ce044d507ae1f9e1
Sha1:   0255cc6cc44f789e19f739c7ce097115cc0926c7
Sha256: c9cbd7b75903aa6a60256e1b6d0303e292132c132b87b23864a16b293764fddd

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/main.js HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: yB0qjjDCpONfjyB6gRUcqP619vk6/lsp+f6K6aXoVGTAo+6V/4gnediCANTthPlHoF6PQODnGD4=
x-amz-request-id: ACG69NN02FGEQYQH
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:53 GMT
ETag: "feee4ae71d078d42a5da82ab704f2238"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1290


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1290
Md5:    feee4ae71d078d42a5da82ab704f2238
Sha1:   79b33b7b11bb68db03ebbb2f0fbe4bfda5566c8c
Sha256: 8d5d7f0a7361ea45135e12c3f9b4a9249abd119d0df47d83c765c2389410c389

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/before.js HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: KxNtgQ0HdqIagjA+ehPuRMTymXq8evQHc+MF54muRNrrLRAegfVC1LirV4fDMUrVgbLr1LKNheg=
x-amz-request-id: ACG84M3TECY1MXE7
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:25 GMT
ETag: "87c2dc3aeb373ca8445f7410ef387689"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 366


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   366
Md5:    87c2dc3aeb373ca8445f7410ef387689
Sha1:   688f4be3cfb8688b4441f382724495a7b82b3f62
Sha256: 31681779c6f394370dad146169896e9ec2b8f7c716c4b1db78c459033e48bf95

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/light.js HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: /JdwHeBZcDdLDgb+HvMrdmNTxw0qoy5H8TKOwVwTNV4COQcBBMQag6R4UY5mI3Ym1ah7yq18B4g=
x-amz-request-id: ACG99V88Y41J18MR
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:42 GMT
ETag: "cd6c33fbc221d0271c910af910e6ebed"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 503


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   503
Md5:    cd6c33fbc221d0271c910af910e6ebed
Sha1:   9b52f24d6f10b885bb19db1c4b531469f96d2914
Sha256: 318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 09:07:55 GMT
age: 2430
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/fullscreen.js HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: rFNuIWzMvUeviOnUwLTrPkeKc1eddv6irA3KT3ECIi3EO3fF5q12xxo8FYPc9s/c8ClTulhc7CY=
x-amz-request-id: ACG5HK66T1EM5R31
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:05 GMT
ETag: "62f519fe72808a3ec681392b7ff47417"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 245


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   245
Md5:    62f519fe72808a3ec681392b7ff47417
Sha1:   2ee16112e35feb9d6d48ae0f4e66187514dec811
Sha256: 43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/setting.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: avXI/mEgO6vqzf2XaqfCJm8P9V5v4ZwF9NGEUgF9r+ZzoEbEDtiMurKamd2V6kzX+mRj/2O5EGM=
x-amz-request-id: ACG6GS12BZ7RNB26
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:04 GMT
ETag: "e144c3378090087c8ce129a30cb6cb4e"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 364


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size:   364
Md5:    e144c3378090087c8ce129a30cb6cb4e
Sha1:   59da5466551de941d0215e45c54aa2ceaf436be1
Sha256: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/microsoft.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: o6iWNLjvvWSErL9DaR846G/7Hchu3Np8IFc0SNJsuFgBww8bffdxzZjHzrBj5+Kmt2UMak84pec=
x-amz-request-id: ACG3HGQZVC39ES6Z
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:44 GMT
ETag: "bf2b460590fbb9d8e9611a6e9006b816"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1045


--- Additional Info ---
Magic:  PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size:   1045
Md5:    bf2b460590fbb9d8e9611a6e9006b816
Sha1:   561e1dab259d61e798b3ce380527b71b61074ff3
Sha256: ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/que.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: TjlTdZiT+Btrc5PjfFxsmG+TTxVoKF49L7MF9PVY+6OSpK5nv9SWs3uABlOS+7R4SQCsHWDcWBM=
x-amz-request-id: ACG655B01BZH6N72
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:20 GMT
ETag: "7454c652e0733d92de6c920c2d646ae0"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 349


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size:   349
Md5:    7454c652e0733d92de6c920c2d646ae0
Sha1:   34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
Sha256: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/pc.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: em2YV/WeUKNnVOyyheTQYd9LJWx2vTlzBt0dZDQz8VkNtuC6qTjYSfX5ecLdKGF8082ApDui2F8=
x-amz-request-id: ACGF59GX25G3QQHS
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:57 GMT
ETag: "cc5132b56ba46b03dd998aa1fe220106"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4949


--- Additional Info ---
Magic:  PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   4949
Md5:    cc5132b56ba46b03dd998aa1fe220106
Sha1:   403e007a0b17d76a9945fa5ec46a9d01733b3040
Sha256: 598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/minimize.jpeg HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: sMryDaIxrwCOXmPovmNxglTNJU1+LIaZooZKomWfHgDr3jOdEUxb9uI2jK83ALa8BwGkXJY9iHU=
x-amz-request-id: ACGAGG4X5NRBFEX4
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:00 GMT
ETag: "1ba392dce74f8987dca48bf65d817c8f"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 2247


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Size:   2247
Md5:    1ba392dce74f8987dca48bf65d817c8f
Sha1:   db0b8444c46125105b52f272bd422a7f52da1f72
Sha256: a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/bell.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: wvE5lJQpfUztmbLewurgCfcN/UnXhivziFBvlrsnczakGyPEK3NiFF8rrwSif0T61oCNMgfSxeQ=
x-amz-request-id: ACGCAHH5D2N8FQ6B
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:21 GMT
ETag: "a3555871399f1f67bfacaf437974b03a"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1108


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    a3555871399f1f67bfacaf437974b03a
Sha1:   b6337de87cd7a75a73cd804774651d14c83fe76a
Sha256: 2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/def.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: JgSYFHXADgQZX5H+MK6jQNgczTNLeJ+VUjKGQ9mVmTJFe0z08/Bjs9z54KsxrwZ3OjSw2FGG9qc=
x-amz-request-id: ACG2X8K7T7GWF3RV
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:30 GMT
ETag: "77a2ffc5545f87551d74781201de9b3b"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 3834


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3834
Md5:    77a2ffc5545f87551d74781201de9b3b
Sha1:   c9c3798afd2ae95aa3bba3c428335d49c8255b06
Sha256: 316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/virus-scan.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: 2hMXSzhLchYWlvEIB+ZXiOi/J8or93JT+NNgXtyI+sRYOb17AqOZOlmU3PU7o37xdK6LBtJotm4=
x-amz-request-id: ACG5BQVV5TT9VG8N
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:54 GMT
ETag: "2c497dfff84bd8c5af9254c9d6278ce1"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 25871


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   25871
Md5:    2c497dfff84bd8c5af9254c9d6278ce1
Sha1:   667e72e7ba6f00a54629e28133317022d4b59af6
Sha256: b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5163
Cache-Control: max-age=89070
Date: Fri, 09 Dec 2022 09:48:25 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:32:55 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/0wa0rni0ng0.mp3 HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 206 Partial Content
Content-Type: audio/mp3
                                        
x-amz-id-2: 4Defrow/9guvT9VigZ+wUFPvhGmRCIkiB/GxfB+36qhTx2kQgDP7p1SCCwIkpmrpmOIgCVGQPAo=
x-amz-request-id: ACGB5WN3MZ7VVNX0
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:02 GMT
ETag: "8618fbb0911e3b8fc96725dee8bfd81f"
Accept-Ranges: bytes
Content-Range: bytes 0-8404/8405
Server: AmazonS3
Content-Length: 8405


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   8405
Md5:    8618fbb0911e3b8fc96725dee8bfd81f
Sha1:   1bbcb78922946d0cf18fbf3a9e092e36453eb767
Sha256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/wa0lDErtm0s.mp3 HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 206 Partial Content
Content-Type: audio/mp3
                                        
x-amz-id-2: yZpaiRpQlxbjU5onAC0uSZNfUHxnoXGjSYrph4xVDqkFMX4yAiwZdXRFMuUawPPg9Q0dl/FGZPY=
x-amz-request-id: ACG3JHF7MB8DBAFC
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:18 GMT
ETag: "8618fbb0911e3b8fc96725dee8bfd81f"
Accept-Ranges: bytes
Content-Range: bytes 0-8404/8405
Server: AmazonS3
Content-Length: 8405


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   8405
Md5:    8618fbb0911e3b8fc96725dee8bfd81f
Sha1:   1bbcb78922946d0cf18fbf3a9e092e36453eb767
Sha256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/cross.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: wDZZlfLJLkGYw6R+HpqstS7VulFY40BTsj9tAkkYubH4QGYz+vVS8r+sMxqOESk1Kt77e37ghFg=
x-amz-request-id: ACG5C7PFW12P6E2Y
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:59 GMT
ETag: "4487a588bf2a07e3d1936d705c5ceefd"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 44098


--- Additional Info ---
Magic:  PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size:   44098
Md5:    4487a588bf2a07e3d1936d705c5ceefd
Sha1:   db193b3e2ab9fbee6eae99ced2366b1ef5f16971
Sha256: 3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/virus-images.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: Q6ap2BdeJClqHODJF/ETB6UdqhzrnlHYZCQi6itSusT0id2coYJ0xkhIZQHXrxhRmCPW1nZ6iBA=
x-amz-request-id: ACG5QNJNF4NVXRCM
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:36:17 GMT
ETag: "68c7d1836cf921e767b980e8ce6d845b"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 33366


--- Additional Info ---
Magic:  PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Size:   33366
Md5:    68c7d1836cf921e767b980e8ce6d845b
Sha1:   395fc474214809b1282fc589e4a8f0be81b16adc
Sha256: 870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XohG4vzxHxFuRYEE8bErJQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.42.74.230
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9vLGZJb5ZkLw6S2H5xgoak7ck1w=

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.14
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 08:46:55 GMT
expires: Fri, 09 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 3690
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
Cookie: _ga_7JSG9DFFFZ=GS1.1.1670579304.1.0.1670579304.0.0.0; _ga=GA1.1.295726297.1670579305

search
                                         52.219.143.10
HTTP/1.1 403 Forbidden
Content-Type: application/xml
                                        
x-amz-request-id: ACG6CPVY3K2CW30X
x-amz-id-2: YyvkFR42r9odidSOWhwKhZ5ujtDV1RF3fhnqm1O356gseITSAbAt5dg3tKGBDbkl28OtAeqRxng=
Transfer-Encoding: chunked
Date: Fri, 09 Dec 2022 09:48:25 GMT
Server: AmazonS3


--- Additional Info ---
Magic:  XML 1.0 document text\012- XML document, ASCII text
Size:   243
Md5:    a26c41ef24cb20b76094005254a01ec4
Sha1:   53acf2e061b2823178fc53fe226a8e827b8767a1
Sha256: 0773286a253898bf1ec036c3550203fcb77f2c9ffb9cbc202c9ebb2f78e1a40f
                                        
                                            GET /1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/background.png HTTP/1.1 
Host: hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/1por2778/AmC00FrdEr00d0FF808Err0r8Ami07/index.html

search
                                         52.219.143.10
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: bFT2Tfx7Ze1RRJj/vjLKdYRCJEbyXukPLAfPTujfZUXDS1/WOUHXLRnamJeOt+O6lNXYbOZY5Oc=
x-amz-request-id: ACG8FQBCJV9YCZ9J
Date: Fri, 09 Dec 2022 09:48:26 GMT
Last-Modified: Fri, 09 Dec 2022 09:35:50 GMT
ETag: "400502ee2726928f1b2314404b53dafa"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 838375


--- Additional Info ---
Magic:  PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size:   838375
Md5:    400502ee2726928f1b2314404b53dafa
Sha1:   bda6258ea064b64735ec156340f95ce97fac2df8
Sha256: ee94f46aecf6fbed409cc7575ec3beca259bc1d8863401fe9325959426e0d270

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /g/collect?v=2&tid=G-7JSG9DFFFZ&gtm=2oebu0&_p=1008485012&cid=295726297.1670579305&ul=en-us&sr=1280x1024&_s=1&sid=1670579304&sct=1&seg=0&dl=http%3A%2F%2Fhgfftf2gfhrfd.s3.us-east-2.amazonaws.com%2F1por2778%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&dr=http%3A%2F%2Fhgfftf2gfhrfd.s3.us-east-2.amazonaws.com%2F1por2778%2Findex.html&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
date: Fri, 09 Dec 2022 09:48:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Scam - Fake AntiVirus
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-93923346-3&cid=295726297.1670579305&jid=1291358122&gjid=67482269&_gid=1606544537.1670579305&_u=YADAAUAAAAAAACAAI~&z=153854193 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         108.177.14.157
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 09:48:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:48:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 09:48:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 09:48:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 09:48:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 09:48:26 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 22439
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6578
Md5:    8546542f00ea29ef4df6ab8d3c7c2164
Sha1:   5c8ffe91490006a9890188b53f875568c2b6bd8f
Sha256: 7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 60442
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5188
Md5:    fba9a3854df65740512f96efe7442e58
Sha1:   8fbff7725c842d70e047c635a725723a9dc9c55a
Sha256: 6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 13:49:59 GMT
age: 71907
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12748
Md5:    730ba1a8edb79ba6f83b46d1ba5aed7b
Sha1:   55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
Sha256: f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 1584
x-amzn-requestid: 7743c8a6-118c-4c69-b833-a9e2f5561a54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5VEGV8IAMFcOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903c20-41fdf6d004b388f51fa70833;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:09:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whmRQYshKD6d2Pz3Z0ZCCFr_MEPR1rEek7nVZqf5XeiWpt1LIcjvBQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:35:35 GMT
age: 7971
etag: "9ad22ea868f3b72832243fd11315c68117c7542b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   1584
Md5:    4f6cfc43170be4dd0264f2b0b6bcc329
Sha1:   9ad22ea868f3b72832243fd11315c68117c7542b
Sha256: f5cc67d46241c2f5aebc2515bf8828889f8ceda8112b78cdf925a260b82fd833
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 22001
etag: "7558222788f06623ddae6e883413e38e1146281e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7897
Md5:    8c3214044657f3b876d1f1848bca5684
Sha1:   7558222788f06623ddae6e883413e38e1146281e
Sha256: e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oHNHICPfq1U2qYhNmrtf5_56-jtn-zOMPGvBdhXICE493RfJ1cFCvA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:59:55 GMT
age: 42512
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8709
Md5:    0321199622f614202a646f925521ace7
Sha1:   cac4e03ae9857def8b094e005647c3e49c34d686
Sha256: 042494598add540a49650d5556d33bf53f647d77e64fbf13f3d881ebf251a525
                                        
                                            GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgfftf2gfhrfd.s3.us-east-2.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         188.114.99.234
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Fri, 09 Dec 2022 09:48:25 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 16023553
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776cd330fbdab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---